Educause Security Discussion mailing list archives

Re: Staff Directory on Web

From: "Foss, Henry L." <fossh () SACREDHEART EDU>
Date: Thu, 24 Jun 2021 19:11:51 +0000

We strip display names from non-university domains. So fraudsters trying to disguise themselves as university employees 
- sending from a Gmail address, or example - end up being revealed as their sender name. And we also embed a yellow 
banner and warning that the sender is external.

We make this part of our new hire training also so word gets out to the user community.

-Hank

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Lovaas,Steven
Sent: Thursday, June 24, 2021 2:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Staff Directory on Web

For those of you who have closed off faculty/staff directories (or moved to requiring authentication to see them), I'd 
be interested in hearing how you provide for boot-strapping contact needs like:

  *   Community members/press/others wanting to ask an expert
  *   Faculty of other institutions wanting to initiate collaboration
  *   Potential grad students wanting to explore faculty advisors
Thanks,
Steve

================================
Steven Lovaas
Chief Information Security Officer
Colorado State University - Fort Collins and CSU System
steven.lovaas () colostate edu<mailto:steven.lovaas () colostate edu>
970-297-3707
================================
________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of James Monek <jmm616 () LEHIGH EDU<mailto:jmm616 () LEHIGH EDU>>
Sent: Thursday, June 24, 2021 12:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Staff Directory on Web

We did have our directory available publicly at one time but since then we require authentication to view and search. 
We did this for the obvious reasons as you have noted.

Jim

On Thu, Jun 24, 2021 at 1:56 PM Barton, Robert W. <bartonrt () lewisu edu<mailto:bartonrt () lewisu edu>> wrote:
Afternoon,

There is a little debate going here on IF our directory of employees (name, number, email, department) should be 
available to the web.  One side looks at it as we are being transparent, and it is good "marketing".  The other side is 
looking at it like we are releasing to much information (making it easier for a hacker to find targets) and making it 
easy for SPAMers.  Has anybody had this conversation before?  Anybody have an article that says one or the other?

As I search around, I'm seeing colleges/universities that go both ways.

Robert W. Barton
Executive Director of Information Security & Policy
Lewis University
1 University Parkway
Romeoville, IL  60446-2200
815-836-5663

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Csteven.lovaas%40COLOSTATE.EDU%7Ce273b226c1884a87f46a08d9373adf76%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637601548259877676%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Eirn7UkQYH%2FUb3zDMh49xdBAMk2YZ7BTdXhfyMH6sjI%3D&reserved=0>


--
James Monek
Director, Technology Infrastructure & Operations
Lehigh University - Library and Technology Services
P: 610-758-5010
E: jamesmonek () lehigh edu<mailto:jamesmonek () lehigh edu>

Follow Lehigh LTS at:
Facebook: 
https://www.facebook.com/LehighLTS<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FLehighLTS&data=04%7C01%7Csteven.lovaas%40COLOSTATE.EDU%7Ce273b226c1884a87f46a08d9373adf76%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637601548259887673%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yoOPF6uL0ryza6v6wSioO7%2FjH8Hvs8B%2FfunCAJ8pDCk%3D&reserved=0>
Twitter: 
https://twitter.com/lehighlts<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Flehighlts&data=04%7C01%7Csteven.lovaas%40COLOSTATE.EDU%7Ce273b226c1884a87f46a08d9373adf76%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637601548259887673%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Pgpayq%2BvejmkUcP1Qb8SGRVF7RidCLp%2B9ngTVg9LQlQ%3D&reserved=0>

TIO Blog: 
https://wordpress.lehigh.edu/jmm616/<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwordpress.lehigh.edu%2Fjmm616%2F&data=04%7C01%7Csteven.lovaas%40COLOSTATE.EDU%7Ce273b226c1884a87f46a08d9373adf76%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637601548259897670%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eqYha69wcOCfB4qHcQ%2F3VjDrZrJ8KbDIKS%2Bp44WPt0M%3D&reserved=0>




**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Csteven.lovaas%40COLOSTATE.EDU%7Ce273b226c1884a87f46a08d9373adf76%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637601548259907668%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=A%2F56BclfUJ2tCMi%2FtNvD2vFqwX%2BzlwNY9moMBXPhLTM%3D&reserved=0>
The sender of this email is external to Sacred Heart University. Do not click any links unless you know and trust the 
sender.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

Staff Directory on Web Barton, Robert W. (Jun 24)
- Re: Staff Directory on Web Jeremy Livingston (Jun 24)
- Re: Staff Directory on Web Sidharth Nandury (Jun 24)
  - Re: Staff Directory on Web Blake Brown (Jun 24)
- Re: Staff Directory on Web James Monek (Jun 24)
  - Re: Staff Directory on Web Lovaas,Steven (Jun 24)
    - Re: Staff Directory on Web Telfer, Will (Jun 24)
    - Re: Staff Directory on Web Barton, Robert W. (Jun 24)
    - Re: Staff Directory on Web Foss, Henry L. (Jun 24)
- Re: Staff Directory on Web randy (Jun 24)